[Translation] Securing Applications That Use Web Services

Source: Internet
Author: User

Web services can be secured, but limitations remain when you build a scalable distributed application on top of them. In particular, it is difficult to build a scalable application that spans security domains. Currently, you can secure a web service by sending its messages over a secure transport such as SSL, but that protects only point-to-point communication. That is, if a SOAP message must pass through one or more intermediaries before it reaches the final receiver, then even when the actual route uses SSL, the final receiver still has to communicate with the sender to authenticate the SOAP message. This is hard to scale.

Message-level security
WSE provides three features for securing SOAP messages:
Security authentication secures web services along the entire route a SOAP message travels. This differs from a secure transport such as SSL, which only secures point-to-point communication.
Digital signatures let the receiver of a SOAP message verify whether the message has been tampered with since it was signed.
Encryption lets only the specified recipients read the message content. Encrypting a SOAP message uses a secret key shared with the specified recipient.

One WSE feature that helps in building scalable distributed applications is an efficient and scalable mechanism for securing web services. It uses the mechanism defined in the WS-Security specification to place security authentication information in SOAP messages. This requires the client to obtain security credentials from a trusted third party, separate from the message sender and receiver. When the message sender sends a SOAP request, these credentials, commonly referred to as security tokens, are placed in the SOAP message. When a web server receives the SOAP request, it does not need to make another network request back to the client's computer or to the trusted third party to verify the integrity of the security token. This is possible because the security token is vouched for by both the trusted source and the client. The client vouches for its security token by performing a cryptographic operation, such as digitally signing the SOAP message. The receiver can then perform another cryptographic operation, such as verifying the digital signature, to confirm that the client holds a security token from the trusted source. Because the receiver does not go back to the source of the credentials, at least one network request is saved, which further improves the scalability of the application.
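The token flow described above, reduced to a runnable Go model. This is an added example, not WSE code and not code from the original article. The Token and Envelope layouts, the function names, the use of Ed25519 and the sample messages are assumptions made for illustration; real WS-Security carries tokens and XML signatures in SOAP headers.

```go
package main

import "crypto/ed25519"
import "fmt"

// Token is a simplified security token (assumed layout, not WS-Security XML).
type Token struct {
	Subject   string
	ClientKey ed25519.PublicKey
	IssuerSig []byte // trusted issuer's signature over Subject and ClientKey
}

// Envelope models a SOAP message carrying the token and the client's signature.
type Envelope struct {
	Token
	Body, BodySig []byte
}

// NewKeys makes a demo key pair; a nil reader selects crypto/rand.
func NewKeys() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, _ := ed25519.GenerateKey(nil)
	return pub, priv
}

func signedPart(s string, k ed25519.PublicKey) []byte { return append([]byte(s+"\x00"), k...) }
// Issue is run by the trusted third party when the client requests a token.
func Issue(issuer ed25519.PrivateKey, subject string, key ed25519.PublicKey) Token {
	return Token{Subject: subject, ClientKey: key, IssuerSig: ed25519.Sign(issuer, signedPart(subject, key))}
}

// Send is run by the client: signing the body proves it holds the token's key.
func Send(client ed25519.PrivateKey, t Token, body []byte) Envelope {
	return Envelope{Token: t, Body: body, BodySig: ed25519.Sign(client, body)}
}

// Verify is run by the receiver with only the issuer's public key (no callback).
func Verify(issuerPub ed25519.PublicKey, e Envelope) bool {
	return len(e.ClientKey) == ed25519.PublicKeySize && // wrong-size key would panic
		ed25519.Verify(issuerPub, signedPart(e.Subject, e.ClientKey), e.IssuerSig) &&
		ed25519.Verify(e.ClientKey, e.Body, e.BodySig)
}

func main() {
	issuerPub, issuerPriv := NewKeys()
	clientPub, clientPriv := NewKeys()
	env := Send(clientPriv, Issue(issuerPriv, "client-a", clientPub), []byte("<GetQuote/>"))
	fmt.Println("intact:", Verify(issuerPub, env))
	env.Body = []byte("<Transfer/>") // constructed change made by an intermediary
	fmt.Println("altered:", Verify(issuerPub, env))
}
```

The model leaves out token expiry and message timestamps, which a receiver would check as well.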
